feat: Allow unverified users to buy free tickets (#7393)

fossasia · Oct 30, 2020 · 6b504f7 · 6b504f7
1 parent 63ac408
commit 6b504f7
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 8 deletions.
diff --git a/app/api/orders.py b/app/api/orders.py
@@ -5,7 +5,7 @@
 
 import omise
 import requests
-from flask import Blueprint, jsonify, redirect, request, url_for
+from flask import Blueprint, current_app, jsonify, redirect, request, url_for
 from flask_jwt_extended import current_user
 from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
 from marshmallow_jsonapi import fields
@@ -195,7 +195,9 @@ def validate_attendees(ticket_holders):
         if ticket_holder.ticket.type == 'free':
             free_ticket_quantity += 1
 
-    if not current_user.is_verified and free_ticket_quantity == len(ticket_holders):
+    if not current_app.config['ALLOW_UNVERIFIED_FREE_ORDERS'] and (
+        not current_user.is_verified and free_ticket_quantity == len(ticket_holders)
+    ):
         raise ForbiddenError(
             {'pointer': '/data/relationships/user', 'code': 'unverified-user'},
             "Unverified user cannot place free orders",

diff --git a/app/api/users.py b/app/api/users.py
@@ -403,13 +403,14 @@ class UserRelationship(ResourceRelationship):
     data_layer = {'session': db.session, 'model': User}
 
 
-@user_misc_routes.route('/users/checkEmail', methods=['POST'])
+@user_misc_routes.route('/users/check_email', methods=['POST'])
+@user_misc_routes.route('/users/checkEmail', methods=['POST'])  # deprecated
 def is_email_available():
     email = request.json.get('email', None)
     if email:
-        if get_count(db.session.query(User).filter_by(email=email)):
-            return jsonify(result="False")
-        return jsonify(result="True")
+        if get_count(db.session.query(User).filter_by(deleted_at=None, email=email)):
+            return jsonify(exists=True)
+        return jsonify(exists=False)
     abort(make_response(jsonify(error="Email field missing"), 422))
 
 

diff --git a/config.py b/config.py
@@ -77,6 +77,8 @@ class Config:
     )
     ETAG = True
     ATTACH_ORDER_PDF = env.bool('ATTACH_ORDER_PDF', default=True)
+    # Allow unverified users to buy free tickets. Default: False
+    ALLOW_UNVERIFIED_FREE_ORDERS = env.bool('ALLOW_UNVERIFIED_FREE_ORDERS', default=False)
 
     if not SQLALCHEMY_DATABASE_URI:
         print('`DATABASE_URL` either not exported or empty')

diff --git a/docs/api/blueprint/user/users.apib b/docs/api/blueprint/user/users.apib
@@ -1455,7 +1455,7 @@ Get the details of the user.
             }
         }
 
-## Check if the email is available [/v1/users/checkEmail]
+## Check if the email is available [/v1/users/check_email]
 Check if the email passed is available or not. True is returned if the email is available, false otherwise.
 
 
@@ -1478,5 +1478,5 @@ Check if the email passed is available or not. True is returned if the email is
 + Response 200 (application/json)
 
         {
-            "result": "True"
+            "exists": true
         }